canvas-quiz

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill explicitly directs the agent to execute shell commands such as canvaslms, make, and python3. While these are functional requirements for quiz authoring, they grant the agent the ability to spawn processes. Maliciously crafted topic names or lecture titles provided by a user could inject shell arguments or commands if the agent interpolates them directly into the command lines.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on the canvaslms CLI tool. Although it does not automate the installation of this tool within the provided files, it encourages the use of external software from a non-trusted source (the source of canvaslms is not verified in the instructions).
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted input to generate quiz content and validate it.
      • Ingestion points: User-supplied lecture topics, topic names, and the content of existing INL1Quiz-*.json files.
      • Boundary markers: None are specified; the instructions do not use delimiters or warnings to ignore instructions embedded within the processed quiz data.
      • Capability inventory: The skill can execute Python scripts, run make tasks, and interface with the canvaslms CLI tool via shell.
      • Sanitization: The instructions do not define any sanitization, escaping, or validation steps for external content before it is processed or passed to command-line tools.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 04:25 AM